<?php
require_once 'common.inc';
session_start ();
if (! isset ( $_SESSION ['id'] ) or ! isset ( $_POST ['tname'] ))
	exit ();
	
// 检查权限
if ($_SESSION ['aboutme'] != '总部用户') {
	$bRight = true;
	switch ($_POST ['tname']) {
		case 'customer' :
		case 'logic' :
			$sql = "SELECT 1 FROM management WHERE id='" . $_SESSION ['id'] . "' AND tmncode='" . $_POST ['tmncode'] . "'";
			$result = execSQL ( $sql );
			$bRight = mysql_num_rows ( $result ) != 0;
			break;
		case 'user' :
		case 'management' :
		case 'item' :
		case 'input' :
		case 'output' :
			$bRight = false;
			break;
	}
	if (! $bRight) {
		echo ("{success:false,msg:\"添加未授权的数据！\"}");
		exit ();
	}
}

// 插入数据
$str1 = "";
$str2 = "";
$sql = "";
foreach ( $_POST as $key => $val ) {
	if ($key == 'tname')
		continue;
	$str1 .= $key . ",";
	$str2 .= "'" . addslashes ( $val ) . "',";
}
$sql = "INSERT INTO " . $_POST ['tname'] . " (" . substr ( $str1, 0, - 1 ) . ") VALUES (" . substr ( $str2, 0, - 1 ) . ")";
$result = execSQL ( $sql );
if ($result)
	echo ("{success:true}");
else
	echo ("{success:false,msg:\"" . mysql_error () . "\"}");
?>